Hi I have a need to run various CGI scripts as different OS users, perhaps by Apache directory or via Apache virtual hosts. This isn't for security reasons, but because we need to interact with different OS environments via a web interface, and each environment will require a different OS user. I should point out that this is on a departmental, low volume server. Only our team has access to the server - via the web interface or via ssh. We're using Apache on Redhat 5.3. Due to our support contract, we must use the vendor's HTTP server rather than compile from source. The solution I tried used suexec. But it does things like sanitise the environment, including variables I need like ORACLE_HOME and ORACLE_SID. And since mod_perl is bundled with Redhat Apache, I figure that maybe it would be possible to write an mp handler that does a similar job to suexec but without all the security features I guess suexec includes for shared hosts and public websites. So my next is - how do I do this? If I simply set my euid within the handler, won't I effectively be changing the uid of the httpd process? So could I save my uid, change it to when the CGI script is being executed, and then change it back again? Advice appreciated. Thanks Dan
Attention: This email together with any attachments is confidential. If you are not the intended recipient please delete the message and notify the sender. Any views or opinions presented are solely those of the author and will not necessarily reflect the views of Meridian Energy. ************** PLEASE CONSIDER THE ENVIRONMENT BEFORE PRINTING *************
